Showing 1 - 1 of 1

CVE-2016-1519

Status Candidate

Overview

The com.softphone.common package in the Grandstream Wave app 1.0.1.26 and earlier for Android does not properly validate SSL certificates, which allows man-in-the-middle attackers to spoof the Grandstream provisioning server via a crafted certificate.

Related Files

Grandstream Wave 1.0.1.26 TLS Man-In-The-Middle: Posted Mar 18, 2016; Authored by Georg Lukas; Grandstream VoIP products deploy a remote provisioning mechanism that allows to automatically set configuration elements on app startup. By default, an insecure connection to `fm.grandstream.com` is used to obtain the provisioning profile. However, even if an HTTPS URL is configured, the certificate is not validated, allowing an active attacker to successfully impersonate the provisioning server with an invalid, mismatching or outdated certificate.; tags | advisory, remote, web; advisories | CVE-2016-1518, CVE-2016-1519; SHA-256 | e07ded7e5b842693413e62a615f10b879e181af670786c29c60e322c6aec3f73; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 114 files
Ubuntu 98 files
Debian 14 files
Rafael Pedrero 11 files
Apple 9 files
Google Security Research 9 files
Abdulhakim Oner 8 files
nu11secur1ty 8 files
Hubert Wojciechowski 6 files
Sarang Tumne 5 files

File Archives

Systems

AIX (426)
Apple (1,960)
BSD (372)
CentOS (56)
Cisco (1,919)
Debian (6,715)
Fedora (1,691)
FreeBSD (1,244)
Gentoo (4,288)
HPUX (878)
iOS (340)
iPhone (108)
IRIX (220)
Juniper (67)
Linux (45,153)
Mac OS X (684)
Mandriva (3,105)
NetBSD (256)
OpenBSD (482)
RedHat (12,930)
Slackware (941)
Solaris (1,609)
SUSE (1,444)
Ubuntu (8,462)
UNIX (9,208)
UnixWare (185)
Windows (6,533)
Other

CVE-2016-1519

Overview

Related Files

File Archive:

March 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems